In the Specification 
Kindly replace paragraphs [0001] through [0039] with the following: 
Related Applications 

This is a §371 of International Application No. PCT/FR2004/050613, with an international filing date of November 24, 2004 (WO 2005/053299, published June 9, 2005), which is based on French Patent Application No. 03/50895, filed November 24, 2003,

Technical Field

This disclosure relates to the area of the broadcasting of digital audiovisual sequences.

Background 

It is currently possible to transmit audiovisual programs in digital form via broadcasting networks of the microwave, cable, satellite type, etc. or via telecommunication networks of the DSL type (Digital Subscriber Line) or BLA type (Local Radio Loop) or via DAB networks (Digital Audio Broadcasting) as well as via any wireless telecommunication network of the GSM (Global System for Mobile), GPRS (General Packet Radio Service), UMTS (Universal Mobile Telecommunication System), Bluetooth, WiFi types, etc. Moreover, to avoid the pirating of works broadcast in this manner, these works are frequently encrypted or scrambled by various known means.

US 6,295,361 discloses a method and device that permit a key management node to decide the process for changing the group key of certain nodes in a multicasting group with the aid of an indicator inserted into a multicast packet. The management node decides how to insert the indicator and which nodes are concerned. The new key is then sent and when all the nodes of the group have received their key, the management node sends an indicator or also a date from which all the members of the group are authorized to use the new keys. Thus, a method for managing the multicast session with the aid of dynamic changing of the group keys is disclosed. The same key is attributed to all the members of the same group with the aid of which the data is decrypted. However, the protection used is the encryption and all the data initially present in the audiovisual stream remain in the protected stream. Consequently, US '361 does not resolve the problem of high security and personalization.

WO 02/11356 A2 discloses a method for managing keys between the client and the server in a multicast environment. The method is based on establishing a secure channel between the server and the client using an SSL protocol (Secure Socket Layer) or TLS (Transport Layer Security) with certain modifications of the order of exchanging messages to be able to generate a management key and send the key to the client via the secure channel, from which key the client generates a future key for the session with the server. The clients of one and the same multicasting group use the same management key for generating a session key during the communication session. WO '356 does not correspond to the criteria for the secure transport of audiovisual data, and the data, even the encrypted data, is integrally present in the protected data stream.

Summary

This invention relates to a process for secure distribution of digital audiovisual streams according to a standard, normalized or proprietary format including separating an original stream into two parts, transmitting the parts to addressee equipment, generating a modified main stream having a format of the original stream and complementary information with any format including digital information suitable to permit reconstruction of the original stream, transmitting the modified main stream from a distribution server via separate paths during distribution in an extended, secure multicasting mode to the addressee equipment from a secure central server passing via at least one router and at least one switch connecting the addressee equipment to the central server via at least one access point.

This invention also relates to a system for the secure distribution of audiovisual streams including a device for separating an original video stream into a modified main stream and into complementary information, at least one multimedia server containing the audiovisual streams, at least one secure central server including a device for securing and personalizing the complementary information from which the complementary information is distributed, at least one telecommunication network, at least one router, at least one switch functioning as an access point for connection to addressee equipment and a device in the addressee equipment for reconstruction of the original audiovisual stream as a function of the modified main stream and the complementary information.

Brief Description of the Drawing 

The drawing is a diagram showing in block form selected aspects of a broadcasting system.

Detailed Description 

This disclosure provides a process and a system that permit the visual and/or auditory pro- 
tecting of an audiovisual sequence stemming from a digital standard, a digital norm or a proprietary 
standard, its distribution in a secure manner in multicasting mode via a telecommunication network, 
and the reconstituting of its original content on a recomposition module of the addressed equipment 
from a protected digital audiovisual stream.

A device is disclosed that is capable of transmitting a set of high-quality audiovisual streams in a secure manner via a telecommunication network to a viewing screen and/or to an audio output belonging to a terminal or display device such as a television screen, a computer or a mobile terminal such as a telephone or PDA (Personal Digital Assistant), or the like while preserving the audiovisual quality but avoiding any fraudulent use such as the possibility of making pirated copies of the broadcast contents. A process is also disclosed as is a client-server system that protects the audiovisual contents by separating them into two parts, the second part of which is indispensable for reconstitution of the original stream, the latter being restored as a function of the recombination of the first part with the second part.

The process used for the description of a preferred example separates the audiovisual stream 
into two parts in such a manner that the first part, called "modified main stream," contains the quasi 
totality of the initial information, for example, more than about 99%, and a second part, called "com- 
plementary information," containing targeted elements of the initial information and which is of a 
very small size compared to the first part. The complementary information contains data extracted 
from the original stream, which extracted data is replaced by "decoys" in the modified main stream 
in such a manner as to cause a severe audiovisual degradation while keeping this main stream
protected in conformity with the norm or standard of the original stream. 

This disclosure provides a system characterized by the multicast broadcasting of complementary information and in that processing is carried out in real time on segments representing entities that are independent as regards the processing, which segments comprise data for the reconstruction of complete audiovisual information and are secured and personalized for each user and sent to the equipment of the addressees in real time via a low-bandwidth network from a central server functioning as access controller for the viewing of the contents.

The term "multicast" denotes a manner of transmitting from a sender to all the receivers belonging to the same group of subscribers in contrast to the term "unicast", that represents a manner of transmitting from a sender to a single receiver.

The protection applied to contents distributed by the secure multicasting system is based on the principle of deleting and replacing certain information present in the original encoded audiovisual signal by any method, e.g., substitution, modification, permutation or shifting of the information. The solution includes extracting and permanently preserving in a secure server the complementary information containing a part of the original audiovisual stream, which part is indispensable for reconstituting the audiovisual program, but has a very small volume relative to the total volume of the audiovisual program recorded at the user's or received in real time by this user. The complementary information is transmitted in multicasting mode via the secure transmitting network at the moment of viewing and/or hearing of the audiovisual program.

The fact of having removed and substituted by decoys a part of the original data of the initial audiovisual stream during generation of the modified main stream does not permit restitution of the original stream from the modified main stream, that is entirely compatible with the format of the original stream and can therefore be copied and read by a classic reader. The modified main stream is, however, completely incoherent from the viewpoint of human audiovisual perception.
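
An added example (not part of the original specification) of the separation into a modified main stream and complementary information, and of their recombination. The toy frame layout, the random choice of target bytes and all function names are assumptions made for illustration; the specification does not define them.

```python
import random
import struct

SYNC = b"\x00\x00\x01"  # constructed start code for the toy frame format below
HEADER_LEN = 5           # 3-byte sync + 2-byte big-endian payload length


def make_frame(payload: bytes) -> bytes:
    return SYNC + struct.pack(">H", len(payload)) + payload


def parse_frame(frame: bytes) -> bytes:
    """The format check a standard reader applies; returns the payload."""
    if frame[:3] != SYNC:
        raise ValueError("bad sync")
    (length,) = struct.unpack(">H", frame[3:HEADER_LEN])
    if len(frame) != HEADER_LEN + length:
        raise ValueError("bad length")
    return frame[HEADER_LEN:]


def separate(frames, per_frame=4, seed=2003):
    """Return (modified main stream, complementary information), one entry per frame.

    Only payload bytes are replaced, so every modified frame still parses.
    Assumption: targets are picked at random here; the specification speaks of
    "targeted elements" without saying how they are chosen.
    """
    rng = random.Random(seed)  # fixed seed keeps the example reproducible
    modified, complementary = [], []
    for frame in frames:
        buf = bytearray(frame)
        segment = b""
        for off in sorted(rng.sample(range(HEADER_LEN, len(buf)), per_frame)):
            segment += struct.pack(">HB", off, buf[off])         # extracted original
            buf[off] = (buf[off] + rng.randrange(1, 256)) % 256  # decoy, never equal
        modified.append(bytes(buf))
        complementary.append(segment)  # one independent segment per frame
    return modified, complementary


def reconstruct(modified_frame: bytes, segment: bytes) -> bytes:
    """Put the extracted bytes back over the decoys of one frame."""
    buf = bytearray(modified_frame)
    for off, value in struct.iter_unpack(">HB", segment):
        buf[off] = value
    return bytes(buf)


# Constructed sample stream: three frames with 600-byte payloads.
SAMPLE_FRAMES = [make_frame(bytes((i * 7 + n) % 256 for i in range(600)))
                 for n in range(3)]
```

Each complementary segment is 12 bytes against a 605-byte frame, and a frame can be restored with its own segment alone, which is what lets the segments be sent piece by piece.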

As the original digital stream is separated into two parts, the largest part of the audiovisual stream, the modified main stream, may therefore be transmitted via a classic broadcasting network whereas the lacking part, the complementary information, may be sent on demand via a narrow-band telecommunication network or via a physical support such as a memory card, disk, etc. However, the two networks can be combined while keeping the two transmission paths separate. For reconstitution of the original stream, the complementary information is sent piece by piece during viewing and/or listening to the audiovisual stream.

The subject matter of this disclosure is the secure and personalized transmission, after authentication of the user, of the complementary information in multicasting mode in such a manner as to avoid it from being able to be copied or fall entirely into the possession of the user or of any ill-disposed person.

Multicast distribution is used in the instances in which a large number of users wish to access the same content at the same time, which is, e.g., the case for direct broadcasting by satellite or cable or via any other network that allows several subscribers to be accessed at the same time. The content stream is transmitted from a server to the clients via a multicasting channel. The complementary information designated and personalized for each active client (member of the multicasting group) is broadcast by a separate path from a secure server also in multicasting. The user who is interested in a content joins the multicasting group, receives the complementary information as a function of the user's rights, which thus allows reconstitution of the original stream and therefore viewing simultaneously with the reception of the complementary information.

On the one hand, the benefit of the distributing in multicasting mode of the complementary 
information is that a central server can model its distribution to a very large number of consumers. 
On the other hand, the disadvantage of distributing in multicasting is that the same complementary 
information is transmitted to all the users in the group and, as a consequence, it is more difficult to
individually control the different consumers.

From the standpoint of security and content protection, multicasting has the disadvantages of the models "one-to-many" or "a single sender, several receivers" from the English expression "one-to-many" that designates a communication operation from a single sender and directed to multiple receivers. This creates the necessity of working out a protection system for reliable multicasting distribution based on the following characteristics:

- the solution is complementary to the multicasting distribution protocol "join/leave the group" that is well-known.

- making the decision to join/leave the group is performed at the level of the access elements of the network for access control from a previously established list where the client receives permission to join the group, but does not have the right at that stage to view the stream broadcast for the group, which access elements are called "switches."

- users for which a switch refused authorization cannot join the group.

- the central server is responsible for updating the client list and making the decision to include new identities in the list of encryption keys for the session after a first stage of authentication with the client desiring to join the group.

- each session key is individual for each client and has its own lifetime, after which it is considered as a non-valid key and then destroyed by the server.

- the scale of a multicasting group is on the order of several thousand users per group.

- the relation is of the one-to-all type in a single direction. Consequently, the server is the emission source and the clients are the receivers with the exception of requests emitted from the receivers to the server via a unicasting return link or, e.g., during the authentication stage.

The particularity is that the server broadcasts in multicasting to a large number of users that can join and leave the group in a dynamic manner. Furthermore, the functionality of the selective relation ("push relation") is eliminated, that is, the clients of one and the same group cannot communicate with each other and, as a consequence, the model of the multicasting connection is simplified, as well as the protocol for the management and distribution of keys for the members of the group.

Thus, one aspect is a simplified protocol for secure broadcasting of the complementary information in multicasting, thus completing the existing multicasting broadcast protocols with a secure broadcasting protocol of complementary information.

To this end, the process according to a general meaning includes secure distribution of digital audiovisual streams according to a standard, normalized or proprietary format, in which streams a separation of the stream into two parts is made prior to the transmission to the addressee's equipment to generate a modified main stream with the format of the original stream and to generate complementary information with any format comprising the digital information suitable for permitting the reconstruction of the original stream, wherein the modified main stream is transmitted from a distribution server via separate paths during the distribution phase and that the complementary information is transmitted in multicasting mode to the addressee's equipment from a secure central server passing via at least one router and at least one switch connecting the addressee's equipment to the central server via at least one access point.

Authentication between the client and the server is preferably performed in unicast mode. A session key that is unique by content and by client may be generated by the central server following authentication. The complementary information is advantageously compressed and encrypted prior to being sent to the client.

Management of a multicasting group may be performed in the connection layer controlling the distribution of data in multicasting solely for the access point concerned. Managing and securing the complementary information is preferably performed following a multi-reception of the requests for authentication by a central server and comprises a compression stage, an encryption stage and a management stage of said session keys.

Regeneration of a new session key for the client may be performed as a function of the decision of the client to prolong the connection, is based on the lifetime of the preceding session key and is individual for each member of the multicasting group.

The complementary information may also be secured and personalized for each client and each multicasting session with the aid of methods of hybrid or symmetric or asymmetric encryption.

A system for the secure distribution of audiovisual streams may include control of the throughput in the multicasting group, which is performed as a consequence of the managing and personalizing of the securing of the complementary information.

The system preferably comprises a device for separating the original video stream into a modified main stream and complementary information, at least one multimedia server containing the protected audiovisual streams, at least one secure central server comprising a device for securing and personalizing the complementary information from which the complementary information is distributed, at least one telecommunication network, at least one router, at least one switch functioning as access point for the connection to the addressee's equipment and a device in the addressee's equipment for reconstruction of the original audiovisual stream as a function of the modified main stream and of the complementary information.

The process and system will be better understood with the aid of selected exemplary embodiments and the following detailed stages. A preferred, but non-limiting exemplary embodiment of the process that responds to the criteria of security and reliability is illustrated by the client-server system presented in the figure.

The audiovisual stream in digital form 1 transmitted via link 6 to analysis and scrambling module 2 is separated into two parts by module 2. Modified main stream 17 is stored in multimedia server 16 and sent in real time to the client during viewing via a broadband network or is stored in advance on the backup device of terminal 14 of the user. Complementary information 3 is sent to storage and segmentation module 41 of secure central server 4.

Since the complementary information is sent solely on demand, its distribution in real time, its securing and its personalizing for each user is realized by virtue of the property of "scalability in throughput" on the transport networks. The notion of "scalability in throughput" is defined as the capacity of a network to manage, modify, allocate and adapt the throughput of the transiting streams as a function of the bandwidth that is available or negotiated and as a function of network congestion. As a result of the low throughput of the complementary information transmitted in real time, the process contains a segmentation stage of the complementary information in module 41, which generates data segments of variable size with each segment corresponding to an entire, subjectively coherent audiovisual element such as an image or a frame, a group of images or GOP ("Group Of Pictures") in an MPEG-2 stream for example. In another aspect, the segmentation is performed in a single stage after generation of the complementary information 3 and produces a series of segments designated as a "stream of complementary information" that remain stored in storage and segmentation module 41. In yet another aspect, the stream of complementary information is generated in real time.

The segmentation stage of the complementary information is followed by a stage of encapsulation of blocks of data and an encryption stage in module 42 preceded by a stage of compressing their size in which the blocks remain available on demand by the users. The stream of complementary information is continuously sent to terminal 14 of the user in the form of blocks with a block containing a segment to which access information or "header" was added comprising data relative to the identity of the user in the case of a classic centralized network. The header preferably comprises data relative to the mobility of the user (position, rights, network access points, for example) in the case of a distributed network. The header advantageously comprises data relative to the encryption keys of the stream of complementary information. A block is the fundamental unit of communication and is also called UFIC ("Unite de Flux d'Information Complementaire" = "Unit of Stream of Complementary Information").

When the user "i" wishes to view a sequence, the user connects via equipment 14i and link 13i to a closest access point, switch 12a, that previously gave authorization to join the multicasting group. Switch 12a redirects the request via a link 11 to local router 10a, which latter for its part directs the request via link 9a to central router 8, which central router 8 addresses central server 4 via link 7. When server 4 thus receives the request of client 14i, central server 4 requires an authentication from the client 14i in order to make a decision about sending the UFIC's requested, that are unique as an audiovisual sequence. After the authentication dialog, identification of the client 14i by central server 4 that the client is in its database 5, and the generation of a unique session key, the stream segmented in module 41 is sent via link 43 to module 42, compressed and encrypted in the module 42 by the unique session key by heading and by client. The UFIC's are then transported via link 7, central router 8, link 9a, local router 10a, link 11a, switch 12a and link 13i to terminal 14i of the user i. Terminal 14i of the user is advantageously equipped with a smart card 15i on which the description of the units of the stream of complementary information is performed.

Switch 12a is responsible for security and controls the addresses of the clients in the access list composed of information relative to the previous sessions with the client (e.g., time and duration of connection, anticipated or delayed payment, type of contents viewed), which assures personalizing of each client session and therefore the complementary information by forming UFIC units. One way is the use of a hybrid method such as, e.g., using unicasting for authentication with the aid of secure keys and multicasting for the broadcasting of the complementary information.

First, if the client 14i succeeds in joining the multicasting group desired via switch 12a, it is because the client has a recognized identity and an authorization from the network to receive packets of complementary information after the authentication stage. However, if no valid session key was generated by the central server, the client cannot use the UFIC's, which UFIC's are broadcast and encrypted solely with the keys of the other users 14j, 14k, or the like.

Second, the client communicates with the server of complementary information 4 in a point-to-point link in unicasting and the authentication phase is thus performed to assure that the client has sufficient rights for receiving the UFIC's and generating the session key (via a secure method of exchange of information) and the viewing rights are backed up in a database for managing rights 5.

At the end of this stage, server 4 automatically adds the new key of client 14i into the list of session keys corresponding to the multicasting group requested.

Server 4 begins to encrypt the current UFIC with the session key and sends the UFIC with 
what is called "a label" that is delivered to the client during the authentication stage. This label con- 
tains the information about a unique association between the encrypted UFIC and each client. Client 
14i receives groups of packets and retains the valid label and decrypts the data portions with
the session key until the lifetime of this session key expires.

Kindly replace paragraphs [0042] through [0053] with the following: 

Compression of the units of streams of complementary information is preferably applied prior to encryption with all the session keys, which reduces the volume of information to be transported and also increases the security of the encrypted UFIC's as a consequence by reducing the redundancy because many cryptographic analyses exploit redundancy to break the protection. The efficacy of the compression algorithm is also one of the factors that manages the throughput scalability of the multicasting group as a function of the number of members per group.

Each user decrypts the UFIC's received with the aid of each user's session key.

The term "transmission cycle of the server" denotes the stage of sending a UFIC in compressed form, encrypted with all the keys of the members of the group to the address and the port number of the multicasting group. An advantage of this technique is that it assures resistance to pirating due to the fact that multiple encryption of the same content is applied with different keys for the different addressed equipments. The compression mechanism is applied to the transmission cycle of the server to avoid a traffic that is too high for the groups with a large number of members (several thousand users). This model is suitable for being used for any lossless compression algorithm of the LZ (Lempel-Ziv) type, e.g., LZW (a variant of LZ by Terry Welch), LZJH (Lempel-Ziv-Jeff-Heath or v.44 by ITU-T) and the like.

Periodic renewals of the session keys are made to assure their cryptographic security.
For example, a session key can be valid for a period of two hours, during which the key deciphers a 
quantity of UFIC's with a throughput of a dozen of kbits/s equal, e.g., to 2^^ data blocks, each with a 
length of 64 bits. 

An extension of the function of observing messages of the multicasting group ("snooping") with the IGMP (Internet Group Management Protocol) protocol at the last distribution point 12 is used in the connection layer for access management (authorize or prohibit) for each client on the streams for which this client has or does not have rights and, as a consequence, optimizes the bandwidth for each client at the client's access point such as, e.g., a DSLAM (Digital Subscriber Line Access Multiplexer) of a DSL (Digital Subscriber Line) network. This extension of the observation function thus adds an extended and secure mode of multicasting transmission. This complementary information is thus transmitted during the distribution phase in an extended and secure mode of multicasting transmission to the addressee's equipment from a secure central server passing through at least one router and at least one switch connecting the addressee's equipment to the central server via at least one access point. The system keeps the personalization of the UFIC's for each client while reducing the number of unicasting connections per server with the exception of moments of authentication. The system also optimizes the throughput, therefore, the quantity of data to be transmitted as a function of the variation of the number of clients per group. Thus, the access management and personalization of the complementary information "UFIC" control the throughput in the multicasting group. The current version of the IGMP protocol allows switches 12 to detect the IGMP messages of the member clients, to send the respective response and control the distribution of packets in multicasting up to the port of the client. This function is completed by a filtering relative to the first control level with a list of addresses of the MAC (Medium Access Control) connecting layer, which addresses represent the clients authorized to connect to the multicasting group.

Furthermore, a marking with a label is added for each compressed and encrypted data packet that represents the identity of the client and also a second level of control and personalization.

This identity is used by switch 12 to determine the physical port to which the packets are distributed by sending the client in question only the packets marked with the client's own label.
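
An added example, not taken from the specification, of one server transmission cycle and the two control levels at the switch described above: a UFIC is compressed once, encrypted under each live session key, labelled, and delivered only to the port that owns the label. The SHAKE-256 keystream is a stand-in for a real cipher, and `bind_label`, the packet tuple layout, the MAC values and all other names are assumptions.

```python
import hashlib
import os
import zlib
from dataclasses import dataclass


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: SHAKE-256 keystream XOR, chosen to stay stdlib-only.
    Assumption: a deployment would use a vetted authenticated cipher."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Session:
    mac: str           # client address checked by the switch
    label: bytes       # handed to the client during authentication
    key: bytes         # unique per client and per content
    expires_at: float  # end of the key lifetime


class CentralServer:
    def __init__(self, lifetime_s: float = 7200.0):  # two hours, as in the text
        self.lifetime_s = lifetime_s
        self.sessions = {}  # label -> Session: the group's list of session keys

    def authenticate(self, mac: str, now: float) -> Session:
        # The unicast authentication dialog itself is outside this sketch.
        session = Session(mac, os.urandom(8), os.urandom(32), now + self.lifetime_s)
        self.sessions[session.label] = session
        return session

    def transmission_cycle(self, seq: int, segment: bytes, now: float):
        """One UFIC: compress once, then encrypt under every live session key."""
        self.sessions = {label: s for label, s in self.sessions.items()
                         if s.expires_at > now}  # expired keys are destroyed
        compressed = zlib.compress(segment)      # DEFLATE, a lossless LZ77-based codec
        nonce = seq.to_bytes(8, "big")           # never reused under one key
        return [(s.label, seq, xor_keystream(s.key, nonce, compressed))
                for s in self.sessions.values()]


class Switch:
    def __init__(self, allowed_macs):
        self.allowed_macs = set(allowed_macs)  # first control level: MAC list
        self.port_by_mac = {}
        self.port_by_label = {}                # second control level: label

    def join(self, mac: str, port: int) -> bool:
        if mac not in self.allowed_macs:
            return False
        self.port_by_mac[mac] = port
        return True

    def bind_label(self, mac: str, label: bytes) -> bool:
        # Hypothetical step: the page does not say how the switch learns labels.
        if mac not in self.port_by_mac:
            return False
        self.port_by_label[label] = self.port_by_mac[mac]
        return True

    def forward(self, packets):
        """Deliver each packet only to the port that owns its label."""
        out = {}
        for packet in packets:
            port = self.port_by_label.get(packet[0])
            if port is not None:
                out.setdefault(port, []).append(packet)
        return out


def client_open(session: Session, packet, now: float):
    label, seq, body = packet
    if label != session.label or now >= session.expires_at:
        return None  # not this client's packet, or the key lifetime has run out
    return zlib.decompress(xor_keystream(session.key, seq.to_bytes(8, "big"), body))


def run_scenario():
    """Constructed scenario: clients i and j are authorised, a third MAC is not."""
    segment = b"constructed complementary-information segment " * 20
    server = CentralServer()
    switch = Switch({"02:00:00:00:00:01", "02:00:00:00:00:02"})
    client_i = server.authenticate("02:00:00:00:00:01", now=0.0)
    client_j = server.authenticate("02:00:00:00:00:02", now=3600.0)
    for session, port in ((client_i, 1), (client_j, 2)):
        switch.join(session.mac, port)
        switch.bind_label(session.mac, session.label)
    early = switch.forward(server.transmission_cycle(1, segment, now=3700.0))
    late = switch.forward(server.transmission_cycle(2, segment, now=7300.0))
    return {
        "segment": segment,
        "unknown_mac_joined": switch.join("02:00:00:00:00:99", port=3),
        "i_own_packet": client_open(client_i, early[1][0], now=3700.0),
        "i_on_j_packet": client_open(client_i, early[2][0], now=3700.0),
        "ports_early": sorted(early),
        "ports_late": sorted(late),
        "j_late": client_open(client_j, late[2][0], now=7300.0),
    }
```

In the second cycle the key of client i has passed its two-hour lifetime, so the server no longer encrypts for it and nothing is forwarded to port 1.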

The UFIC's may be encrypted with the aid of symmetric encryption algorithms and the encryption key may then be encrypted with a public key of the addressee. This is a hybrid authentication mode. The UFIC's may also be encrypted with the aid of asymmetric encryption algorithms and this is a PKI ("Public Key Infrastructure") authentication mode.

The process will be illustrated with the aid of a second example that includes a multicasting protocol, a mutual authentication method and a compression method for the server comprising multicasting protocols used and their extension for the distribution of the complementary information.

The multicasting transmission system is based on a group management protocol (IGMP) that 
is responsible for the control for joining/leaving the multicasting group. This protocol is executed 
between the client 14i, 14j, 14k and the closest network access point, switch 12a. A multicasting
routing protocol controls the routing of the multicasting traffic from switches 12 to all routers 10 of
the distribution network.

Kindly replace paragraphs [0055] through [0056] with the following:

This solution optimizes management of the bandwidth at the level of the switches, avoiding an overloading of the LAN's ("Local Area Network"), in particular in the instances in which the final user switches frequently from one multicasting group to another one, e.g., when changing a television channel.

Routers 10 supporting multicasting routing, and switches 12 for which layer 3 of the OSI 
model is capable of managing the data used for this example, contain a bandwidth control with a 
functionality of limiting throughput in IP multicasting that allows an upper limit to be imposed for 
the traffic carried out from the server to the multicasting groups. The mechanism for defining the 
limits includes the definition of a multicasting source filter and a multicasting group receiving filter 
per reception port. This control filter is based on the IP address or also on the MAC address (address
of the network card "Medium Access Control") using, e.g., the MVR (Multicast VLAN Registration)
mechanism, and as a consequence in order to avoid a fraudulent attribution ("spoofing")
of the IP network address of the client a complementary protocol is applied in unicast "Unicast
Reverse Path Forwarding" (URPF) between client 14 and switch 12.